{"id":"CVE-2017-1002102","details":"In Kubernetes versions 1.3.x, 1.4.x, 1.5.x, 1.6.x and prior to versions 1.7.14, 1.8.9 and 1.9.4 containers using a secret, configMap, projected or downwardAPI volume can trigger deletion of arbitrary files/directories from the nodes where they are running.","aliases":["GHSA-mm7g-f2gg-cw8g","GO-2023-1977"],"modified":"2026-04-10T03:56:09.399819Z","published":"2018-03-13T17:29:00.280Z","related":["openSUSE-SU-2025:15424-1"],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:0475"},{"type":"REPORT","url":"https://github.com/kubernetes/kubernetes/issues/60814"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/kubernetes/kubernetes","events":[{"introduced":"283137936a498aed572ee22af6774b6fb6e9fd94"},{"last_affected":"c3e367ec9eae7338ac4e2a57f293634891319b7c"},{"introduced":"a16c0a7f71a6f93c7e0f222d961f4675cd97a46b"},{"last_affected":"19e81afecf5eb2b7838c35e2cbf776aff04dc34c"},{"introduced":"58b7c16a52c03e4a849874602be42ee71afdcab1"},{"last_affected":"e8c167a115ec662726904265d17f75a6d79d78d8"},{"introduced":"fff5156092b56e6bd60fff75aad4dc9de6b6ef37"},{"last_affected":"14ea65f53cdae4a5657cf38cfc8d7349b75b5512"},{"introduced":"d3ada0119e776222f11ec7945e6d860061339aad"},{"fixed":"d1303b003001cf2b5b8cec099383125096b3dac0"},{"introduced":"0b9efaeb34a2fc51ff8e4d34ad9bc6375459c4a4"},{"fixed":"3fb1aafdafa3d33bc698930095db1e56c0f76452"},{"introduced":"925c127ec6b946659ad0fd596fa959be43f0cc05"},{"fixed":"bee2d1505c4fe820744d26d41ecd3fdd4a3d6546"}],"database_specific":{"versions":[{"introduced":"1.3.0"},{"last_affected":"1.3.10"},{"introduced":"1.4.0"},{"last_affected":"1.4.12"},{"introduced":"1.5.0"},{"last_affected":"1.5.8"},{"introduced":"1.6.0"},{"last_affected":"1.6.13"},{"introduced":"1.7.0"},{"fixed":"1.7.14"},{"introduced":"1.8.0"},{"fixed":"1.8.9"},{"introduced":"1.9.0"},{"fixed":"1.9.4"}]}}],"versions":["v1.3.0","v1.3.1-beta.0","v1.3.10","v1.3.10-beta.0","v1.3.2","v1.3.2-beta.0","v1.3.3","v1.3.3-beta.0","v1.3.4","v1.3.4-beta.0","v1.3.5","v1.3.5-beta.0","v1.3.6","v1.3.6-beta.0","v1.3.7","v1.3.7-beta.0","v1.3.8","v1.3.8-beta.0","v1.3.9","v1.3.9-beta.0","v1.4.0","v1.4.1","v1.4.1-beta.0","v1.4.1-beta.1","v1.4.1-beta.2","v1.4.11-beta.0","v1.4.12","v1.4.2","v1.4.2-beta.0","v1.4.2-beta.1","v1.4.3","v1.4.3-beta.0","v1.4.4","v1.4.4-beta.0","v1.4.5","v1.4.5-beta.0","v1.4.6","v1.4.6-beta.0","v1.4.7","v1.4.7-beta.0","v1.4.8","v1.4.8-beta.0","v1.4.9","v1.4.9-beta.0","v1.5.0","v1.5.1","v1.5.1-beta.0","v1.5.2","v1.5.2-beta.0","v1.5.3","v1.5.3-beta.0","v1.5.4","v1.5.4-beta.0","v1.5.5-beta.0","v1.5.6","v1.5.7","v1.5.7-beta.0","v1.5.8","v1.5.8-beta.0","v1.6.0","v1.6.1","v1.6.1-beta.0","v1.6.10","v1.6.10-beta.0","v1.6.11","v1.6.11-beta.0","v1.6.12","v1.6.12-beta.0","v1.6.13","v1.6.13-beta.0","v1.6.2","v1.6.2-beta.0","v1.6.3","v1.6.3-beta.0","v1.6.4-beta.0","v1.6.5","v1.6.5-beta.0","v1.6.6","v1.6.6-beta.0","v1.6.7","v1.6.7-beta.0","v1.6.8","v1.6.8-beta.0","v1.6.9","v1.6.9-beta.0","v1.7.0","v1.7.1","v1.7.1-beta.0","v1.7.10","v1.7.10-beta.0","v1.7.11","v1.7.11-beta.0","v1.7.12","v1.7.12-beta.0","v1.7.13","v1.7.13-beta.0","v1.7.14-beta.0","v1.7.2","v1.7.2-beta.0","v1.7.3","v1.7.3-beta.0","v1.7.4","v1.7.4-beta.0","v1.7.5","v1.7.5-beta.0","v1.7.6","v1.7.6-beta.0","v1.7.7","v1.7.7-beta.0","v1.7.8","v1.7.8-beta.0","v1.7.9","v1.7.9-beta.0","v1.8.0","v1.8.1","v1.8.1-beta.0","v1.8.2","v1.8.2-beta.0","v1.8.3","v1.8.3-beta.0","v1.8.4","v1.8.4-beta.0","v1.8.5","v1.8.5-beta.0","v1.8.6","v1.8.6-beta.0","v1.8.7","v1.8.7-beta.0","v1.8.8","v1.8.8-beta.0","v1.8.9-beta.0","v1.9.0","v1.9.1","v1.9.1-beta.0","v1.9.2","v1.9.2-beta.0","v1.9.3","v1.9.3-beta.0","v1.9.4-beta.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-1002102.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:N"}]}